RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", September 2007

Source of RFC: ipv6 (int)

Errata ID: 4594
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Johanna Ullrich
Date Reported: 2016-01-14
Rejected by: Brian Haberman
Date Rejected: 2016-01-15

Section 3.2 says:


Notes:

The algorithm for interface identifier generation is flawed: An adversary is able to infer a client's history value from a sequence of observed addresses and is able to infer all future interface identifiers of this certain client annihilating the extension's intended purpose of privacy protection.

For a detailed explanation on the algorithm's drawbacks, please see my paper:
https://www.sba-research.org/wp-content/uploads/publications/Ullrich2015Privacy.pdf
--VERIFIER NOTES--
The issue raised goes beyond a fix via the errata system. This should be raised in the appropriate working group within the IETF.

Report New Errata